client

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 24, 2026 License: MIT Imports: 24 Imported by: 0

Documentation

Overview

Package client provides a Go SDK for the remote-signer service.

The client SDK allows applications to interact with the remote-signer service for secure transaction and message signing. The key feature is the RemoteSigner type, which implements all ethsig signer interfaces, making it a drop-in replacement for local signers.

Basic Usage

Create a client with Ed25519 authentication: 

client, err := client.NewClient(client.Config{
    BaseURL:       "http://localhost:8080",
    APIKeyID:      "your-api-key-id",
    PrivateKeyHex: "your-ed25519-private-key-hex",
})
if err != nil {
    log.Fatal(err)
}

Using RemoteSigner

Get a signer that implements all ethsig interfaces: 

address := common.HexToAddress("0x1234...")
signer := client.GetSigner(address, "1") // chainID = 1 (Ethereum mainnet)

// Personal sign (implements ethsig.PersonalSigner)
sig, err := signer.PersonalSign("Hello, World!")

// Sign hash (implements ethsig.HashSigner)
sig, err := signer.SignHash(hash)

// Sign typed data (implements ethsig.TypedDataSigner)
sig, err := signer.SignTypedData(typedData)

// Sign transaction (implements ethsig.TransactionSigner)
signedTx, err := signer.SignTransactionWithChainID(tx, chainID)

Using with ethsig.Signer

The RemoteSigner can be wrapped with ethsig.NewSigner for flexible usage: 

remoteSigner := client.GetSigner(address, chainID)
signer := ethsig.NewSigner(remoteSigner)

// Now use all ethsig.Signer methods
sig, err := signer.PersonalSign("message")
sig, err := signer.SignTypedData(typedData)

Approval Handling

By default, the Sign method waits for manual approval if required: 

// This will poll until approved, rejected, or timeout
resp, err := client.Sign(ctx, &SignRequest{...})

// To return immediately without waiting:
resp, err := client.SignWithOptions(ctx, &SignRequest{...}, false)
if errors.Is(err, client.ErrPendingApproval) {
    // Handle pending approval
}

Configuration Options 

client.Config{
    BaseURL:       "http://localhost:8080",  // Required
    APIKeyID:      "key-id",                  // Required
    PrivateKey:    ed25519Key,                // Either this or PrivateKeyHex
    PrivateKeyHex: "hex-string",              // Either this or PrivateKey
    HTTPClient:    customClient,              // Optional
    PollInterval:  2 * time.Second,           // Default: 2s
    PollTimeout:   5 * time.Minute,           // Default: 5m
}

Package client provides a Go SDK for the remote-signer service.

Index

Constants

View Source 
const (
	SignTypeHash        = "hash"
	SignTypeRawMessage  = "raw_message"
	SignTypeEIP191      = "eip191"
	SignTypePersonal    = "personal"
	SignTypeTypedData   = "typed_data"
	SignTypeTransaction = "transaction"
)

Sign types supported by the remote-signer.

View Source 
const (
	StatusPending     = "pending"
	StatusAuthorizing = "authorizing"
	StatusSigning     = "signing"
	StatusCompleted   = "completed"
	StatusRejected    = "rejected"
	StatusFailed      = "failed"
)

Request status values.

Variables

View Source 
var (
	// ErrUnauthorized is returned when authentication fails.
	ErrUnauthorized = errors.New("unauthorized: invalid or expired API key/signature")

	// ErrNotFound is returned when the requested resource is not found.
	ErrNotFound = errors.New("not found")

	// ErrSignerNotFound is returned when the requested signer is not available.
	ErrSignerNotFound = errors.New("signer not found")

	// ErrInvalidPayload is returned when the signing payload is invalid.
	ErrInvalidPayload = errors.New("invalid payload")

	// ErrRateLimited is returned when too many requests are made.
	ErrRateLimited = errors.New("rate limited")

	// ErrPendingApproval is returned when a request requires manual approval.
	ErrPendingApproval = errors.New("pending manual approval")

	// ErrRejected is returned when a request is rejected.
	ErrRejected = errors.New("request rejected")

	// ErrBlocked is returned when a request is blocked by a blocklist rule.
	ErrBlocked = errors.New("request blocked by rule")

	// ErrTimeout is returned when polling for a result times out.
	ErrTimeout = errors.New("timeout waiting for approval")
)

Common errors returned by the client.

Functions

This section is empty.

Types

type APIError 

type APIError struct {
	StatusCode int
	Code       string
	Message    string
}

APIError represents an error returned by the remote-signer API.

func (*APIError) Error 

func (e *APIError) Error() string

Error implements the error interface.

func (*APIError) Is 

func (e *APIError) Is(target error) bool

Is implements errors.Is for APIError.

type ApproveRequest 

type ApproveRequest struct {
	Approved bool   `json:"approved"`            // true for approve, false for reject
	RuleType string `json:"rule_type,omitempty"` // evm_address_list, evm_contract_method, evm_value_limit (if set, generates rule)
	RuleMode string `json:"rule_mode,omitempty"` // whitelist, blocklist
	RuleName string `json:"rule_name,omitempty"` // Name for the generated rule
	MaxValue string `json:"max_value,omitempty"` // Required for evm_value_limit
}

ApproveRequest represents a request to approve a signing request.

type ApproveResponse 

type ApproveResponse struct {
	RequestID     string `json:"request_id"`
	Status        string `json:"status"`
	Signature     string `json:"signature,omitempty"`
	SignedData    string `json:"signed_data,omitempty"`
	Message       string `json:"message,omitempty"`
	GeneratedRule *Rule  `json:"generated_rule,omitempty"`
}

ApproveResponse represents the response from an approval request.

type AuditRecord 

type AuditRecord struct {
	ID            string     `json:"id"`
	EventType     string     `json:"event_type"`
	Severity      string     `json:"severity"`
	Timestamp     time.Time  `json:"timestamp"`
	APIKeyID      string     `json:"api_key_id,omitempty"`
	ActorAddress  string     `json:"actor_address,omitempty"`
	SignRequestID *string    `json:"sign_request_id,omitempty"`
	SignerAddress *string    `json:"signer_address,omitempty"`
	ChainType     *string    `json:"chain_type,omitempty"`
	ChainID       *string    `json:"chain_id,omitempty"`
	RuleID        *string    `json:"rule_id,omitempty"`
	Details       RuleConfig `json:"details,omitempty"` // JSON details
	ErrorMessage  string     `json:"error_message,omitempty"`
	RequestMethod string     `json:"request_method,omitempty"`
	RequestPath   string     `json:"request_path,omitempty"`
}

AuditRecord represents an audit log entry.

type BudgetConfig 

type BudgetConfig struct {
	MaxTotal   string `json:"max_total"`
	MaxPerTx   string `json:"max_per_tx"`
	MaxTxCount int    `json:"max_tx_count,omitempty"`
	AlertPct   int    `json:"alert_pct,omitempty"`
}

BudgetConfig defines budget limits for an instance.

type Client 

type Client struct {

	// PollInterval is the interval between status checks when waiting for approval.
	PollInterval time.Duration

	// PollTimeout is the maximum time to wait for approval.
	PollTimeout time.Duration

	// UseNonce enables nonce-based replay protection (recommended for production).
	// When enabled, a random nonce is included in each request signature.
	UseNonce bool
	// contains filtered or unexported fields
}

Client is a client for the remote-signer service.

func NewClient 

func NewClient(cfg Config) (*Client, error)

NewClient creates a new Client with the given configuration.

func (*Client) ApproveSignRequest 

func (c *Client) ApproveSignRequest(ctx context.Context, requestID string, req *ApproveRequest) (*ApproveResponse, error)

ApproveSignRequest approves or rejects a pending signing request.

func (*Client) CreateRule 

func (c *Client) CreateRule(ctx context.Context, req *CreateRuleRequest) (*Rule, error)

CreateRule creates a new authorization rule.

func (*Client) CreateSigner 

func (c *Client) CreateSigner(ctx context.Context, req *CreateSignerRequest) (*Signer, error)

CreateSigner creates a new signer (admin only).

func (*Client) CreateTemplate 

func (c *Client) CreateTemplate(ctx context.Context, req *CreateTemplateRequest) (*Template, error)

CreateTemplate creates a new rule template (admin only).

func (*Client) DeleteRule 

func (c *Client) DeleteRule(ctx context.Context, ruleID string) error

DeleteRule deletes a rule by ID.

func (*Client) DeleteTemplate 

func (c *Client) DeleteTemplate(ctx context.Context, templateID string) error

DeleteTemplate deletes a template by ID (admin only).

func (*Client) GetRequest 

func (c *Client) GetRequest(ctx context.Context, requestID string) (*RequestStatus, error)

GetRequest gets the status of a signing request.

func (*Client) GetRule 

func (c *Client) GetRule(ctx context.Context, ruleID string) (*Rule, error)

GetRule retrieves a specific rule by ID.

func (*Client) GetSigner 

func (c *Client) GetSigner(address common.Address, chainID string) *RemoteSigner

GetSigner returns a RemoteSigner for the specified address. The returned signer implements all ethsig signer interfaces.

func (*Client) GetTemplate 

func (c *Client) GetTemplate(ctx context.Context, templateID string) (*Template, error)

GetTemplate retrieves a specific template by ID.

func (*Client) Health 

func (c *Client) Health(ctx context.Context) (*HealthResponse, error)

Health checks the health of the remote-signer service.

func (*Client) InstantiateTemplate 

func (c *Client) InstantiateTemplate(ctx context.Context, templateID string, req *InstantiateTemplateRequest) (*InstantiateTemplateResponse, error)

InstantiateTemplate creates a rule instance from a template (admin only).

func (*Client) ListAuditRecords 

func (c *Client) ListAuditRecords(ctx context.Context, filter *ListAuditFilter) (*ListAuditResponse, error)

ListAuditRecords lists audit records with optional filters.

func (*Client) ListRequests 

func (c *Client) ListRequests(ctx context.Context, filter *ListRequestsFilter) (*ListRequestsResponse, error)

ListRequests lists signing requests with optional filters using cursor-based pagination.

func (*Client) ListRules 

func (c *Client) ListRules(ctx context.Context, filter *ListRulesFilter) (*ListRulesResponse, error)

ListRules lists authorization rules with optional filters.

func (*Client) ListSigners 

func (c *Client) ListSigners(ctx context.Context, filter *ListSignersFilter) (*ListSignersResponse, error)

ListSigners lists available signers with optional filters.

func (*Client) ListTemplates 

func (c *Client) ListTemplates(ctx context.Context, filter *ListTemplatesFilter) (*ListTemplatesResponse, error)

ListTemplates lists rule templates with optional filters.

func (*Client) PreviewRule 

func (c *Client) PreviewRule(ctx context.Context, requestID string, req *PreviewRuleRequest) (*PreviewRuleResponse, error)

PreviewRule previews the rule that would be generated for a pending request.

func (*Client) ResumeApprovalGuard 

func (c *Client) ResumeApprovalGuard(ctx context.Context) error

ResumeApprovalGuard resumes the approval guard after it has paused sign requests (admin only). Returns an error if the guard is not configured or the request fails.

func (*Client) RevokeInstance 

func (c *Client) RevokeInstance(ctx context.Context, ruleID string) (*RevokeInstanceResponse, error)

RevokeInstance revokes (disables) a rule instance created from a template (admin only).

func (*Client) Sign 

func (c *Client) Sign(ctx context.Context, req *SignRequest) (*SignResponse, error)

Sign submits a signing request and returns the result. If the request requires manual approval, this method will poll for the result until it's completed or the timeout is reached.

func (*Client) SignWithOptions 

func (c *Client) SignWithOptions(ctx context.Context, req *SignRequest, waitForApproval bool) (*SignResponse, error)

SignWithOptions submits a signing request with options. If waitForApproval is false, returns immediately even if approval is pending.

func (*Client) ToggleRule 

func (c *Client) ToggleRule(ctx context.Context, ruleID string, enabled bool) (*Rule, error)

ToggleRule enables or disables a rule.

func (*Client) UpdateRule 

func (c *Client) UpdateRule(ctx context.Context, ruleID string, req *UpdateRuleRequest) (*Rule, error)

UpdateRule updates an existing authorization rule.

func (*Client) UpdateTemplate 

func (c *Client) UpdateTemplate(ctx context.Context, templateID string, req *UpdateTemplateRequest) (*Template, error)

UpdateTemplate updates an existing template (admin only).

type ClientInterface 

type ClientInterface interface {
	// Health checks the health of the remote-signer service.
	Health(ctx context.Context) (*HealthResponse, error)

	// Sign submits a signing request and returns the result.
	Sign(ctx context.Context, req *SignRequest) (*SignResponse, error)

	// SignWithOptions submits a signing request with options.
	SignWithOptions(ctx context.Context, req *SignRequest, waitForApproval bool) (*SignResponse, error)

	// GetRequest gets the status of a signing request.
	GetRequest(ctx context.Context, requestID string) (*RequestStatus, error)

	// ListRequests lists signing requests with optional filters.
	ListRequests(ctx context.Context, filter *ListRequestsFilter) (*ListRequestsResponse, error)

	// ApproveSignRequest approves or rejects a pending signing request.
	ApproveSignRequest(ctx context.Context, requestID string, req *ApproveRequest) (*ApproveResponse, error)

	// PreviewRule previews the rule that would be generated for a pending request.
	PreviewRule(ctx context.Context, requestID string, req *PreviewRuleRequest) (*PreviewRuleResponse, error)

	// ListRules lists authorization rules with optional filters.
	ListRules(ctx context.Context, filter *ListRulesFilter) (*ListRulesResponse, error)

	// GetRule retrieves a specific rule by ID.
	GetRule(ctx context.Context, ruleID string) (*Rule, error)

	// CreateRule creates a new authorization rule.
	CreateRule(ctx context.Context, req *CreateRuleRequest) (*Rule, error)

	// UpdateRule updates an existing authorization rule.
	UpdateRule(ctx context.Context, ruleID string, req *UpdateRuleRequest) (*Rule, error)

	// DeleteRule deletes a rule by ID.
	DeleteRule(ctx context.Context, ruleID string) error

	// ToggleRule enables or disables a rule.
	ToggleRule(ctx context.Context, ruleID string, enabled bool) (*Rule, error)

	// ListAuditRecords lists audit records with optional filters.
	ListAuditRecords(ctx context.Context, filter *ListAuditFilter) (*ListAuditResponse, error)

	// ListSigners lists available signers with optional filters.
	ListSigners(ctx context.Context, filter *ListSignersFilter) (*ListSignersResponse, error)

	// CreateSigner creates a new signer (admin only).
	CreateSigner(ctx context.Context, req *CreateSignerRequest) (*Signer, error)

	// ListTemplates lists rule templates with optional filters.
	ListTemplates(ctx context.Context, filter *ListTemplatesFilter) (*ListTemplatesResponse, error)

	// GetTemplate retrieves a specific template by ID.
	GetTemplate(ctx context.Context, templateID string) (*Template, error)

	// CreateTemplate creates a new rule template (admin only).
	CreateTemplate(ctx context.Context, req *CreateTemplateRequest) (*Template, error)

	// UpdateTemplate updates an existing template (admin only).
	UpdateTemplate(ctx context.Context, templateID string, req *UpdateTemplateRequest) (*Template, error)

	// DeleteTemplate deletes a template by ID (admin only).
	DeleteTemplate(ctx context.Context, templateID string) error

	// InstantiateTemplate creates a rule instance from a template (admin only).
	InstantiateTemplate(ctx context.Context, templateID string, req *InstantiateTemplateRequest) (*InstantiateTemplateResponse, error)

	// RevokeInstance revokes a rule instance created from a template (admin only).
	RevokeInstance(ctx context.Context, ruleID string) (*RevokeInstanceResponse, error)
}

ClientInterface defines the interface for the remote-signer client. This interface is used for mocking in tests.

type Config 

type Config struct {
	// BaseURL is the base URL of the remote-signer service.
	// Example: "http://localhost:8080"
	BaseURL string

	// APIKeyID is the API key identifier.
	APIKeyID string

	// PrivateKey is the Ed25519 private key for signing requests.
	// Must be 64 bytes (seed + public key).
	PrivateKey ed25519.PrivateKey

	// PrivateKeyHex is an alternative way to provide the private key as hex string.
	// Either PrivateKey, PrivateKeyHex, or PrivateKeyBase64 must be provided.
	PrivateKeyHex string

	// PrivateKeyBase64 is an alternative way to provide the private key in base64 DER format.
	// This is the format output by: openssl pkey -in private.pem -outform DER | base64
	PrivateKeyBase64 string

	// HTTPClient is an optional custom HTTP client.
	// If nil, a default client with 30s timeout is used.
	HTTPClient *http.Client

	// PollInterval is the interval between status checks when waiting for approval.
	// Default: 2 seconds.
	PollInterval time.Duration

	// PollTimeout is the maximum time to wait for approval.
	// Default: 5 minutes.
	PollTimeout time.Duration

	// UseNonce enables nonce-based replay protection (recommended for production).
	// When enabled, a random nonce is included in each request signature.
	// Default: true (enabled for security)
	UseNonce *bool

	// TLSCertFile is the path to the client TLS certificate (for mTLS).
	TLSCertFile string

	// TLSKeyFile is the path to the client TLS private key (for mTLS).
	TLSKeyFile string

	// TLSCAFile is the path to the CA certificate to verify the server.
	// Required when connecting to a server with a self-signed certificate.
	TLSCAFile string

	// TLSSkipVerify skips server certificate verification.
	// WARNING: This is insecure and should only be used for testing.
	TLSSkipVerify bool
}

Config holds configuration for creating a new Client.

type CreateKeystoreParams 

type CreateKeystoreParams struct {
	Password string `json:"password"`
}

CreateKeystoreParams contains parameters for creating a keystore signer.

type CreateRuleRequest 

type CreateRuleRequest struct {
	Name          string                 `json:"name"`
	Description   string                 `json:"description,omitempty"`
	Type          string                 `json:"type"`
	Mode          string                 `json:"mode"`
	ChainType     *string                `json:"chain_type,omitempty"`
	ChainID       *string                `json:"chain_id,omitempty"`
	APIKeyID      *string                `json:"api_key_id,omitempty"`
	SignerAddress *string                `json:"signer_address,omitempty"`
	Config        map[string]interface{} `json:"config"`
	Enabled       bool                   `json:"enabled"`
}

CreateRuleRequest represents a request to create a new rule.

type CreateSignerRequest 

type CreateSignerRequest struct {
	Type     string                `json:"type"`
	Keystore *CreateKeystoreParams `json:"keystore,omitempty"`
}

CreateSignerRequest represents a request to create a new signer.

type CreateTemplateRequest 

type CreateTemplateRequest struct {
	Name           string                 `json:"name"`
	Description    string                 `json:"description,omitempty"`
	Type           string                 `json:"type"`
	Mode           string                 `json:"mode"`
	Variables      []TemplateVariable     `json:"variables,omitempty"`
	Config         map[string]interface{} `json:"config"`
	BudgetMetering map[string]interface{} `json:"budget_metering,omitempty"`
	TestVariables  map[string]string      `json:"test_variables,omitempty"`
	Enabled        bool                   `json:"enabled"`
}

CreateTemplateRequest represents a request to create a new template.

type ErrorResponse 

type ErrorResponse struct {
	Error   string `json:"error"`
	Message string `json:"message"`
}

ErrorResponse represents an error response from the API.

type HashPayload 

type HashPayload struct {
	Hash string `json:"hash"` // 0x prefixed, 32 bytes
}

HashPayload represents the payload for hash signing.

type HealthResponse 

type HealthResponse struct {
	Status  string `json:"status"`
	Version string `json:"version"`
}

HealthResponse represents the health check response.

type InstantiateTemplateRequest 

type InstantiateTemplateRequest struct {
	TemplateName  string            `json:"template_name,omitempty"`
	Name          string            `json:"name,omitempty"`
	Variables     map[string]string `json:"variables"`
	ChainType     *string           `json:"chain_type,omitempty"`
	ChainID       *string           `json:"chain_id,omitempty"`
	APIKeyID      *string           `json:"api_key_id,omitempty"`
	SignerAddress *string           `json:"signer_address,omitempty"`
	ExpiresAt     *time.Time        `json:"expires_at,omitempty"`
	ExpiresIn     *string           `json:"expires_in,omitempty"`
	Budget        *BudgetConfig     `json:"budget,omitempty"`
	Schedule      *ScheduleConfig   `json:"schedule,omitempty"`
}

InstantiateTemplateRequest represents a request to create a rule instance from a template.

type InstantiateTemplateResponse 

type InstantiateTemplateResponse struct {
	Rule   json.RawMessage `json:"rule"`
	Budget json.RawMessage `json:"budget,omitempty"`
}

InstantiateTemplateResponse represents the response from creating a rule instance.

type ListAuditFilter 

type ListAuditFilter struct {
	EventType     string
	Severity      string
	APIKeyID      string
	SignerAddress string
	ChainType     string
	ChainID       string
	StartTime     *time.Time
	EndTime       *time.Time
	Limit         int
	// Cursor-based pagination
	Cursor   *string
	CursorID *string
}

ListAuditFilter contains filter options for listing audit records.

type ListAuditResponse 

type ListAuditResponse struct {
	Records      []AuditRecord `json:"records"`
	Total        int           `json:"total"`
	NextCursor   *string       `json:"next_cursor,omitempty"`
	NextCursorID *string       `json:"next_cursor_id,omitempty"`
	HasMore      bool          `json:"has_more"`
}

ListAuditResponse represents the response from listing audit records.

type ListRequestsFilter 

type ListRequestsFilter struct {
	Status        string
	SignerAddress string
	ChainID       string
	Limit         int
	// Cursor-based pagination
	Cursor   *string
	CursorID *string
}

ListRequestsFilter contains filter options for listing requests.

type ListRequestsResponse 

type ListRequestsResponse struct {
	Requests     []RequestStatus `json:"requests"`
	Total        int             `json:"total"`
	NextCursor   *string         `json:"next_cursor,omitempty"`
	NextCursorID *string         `json:"next_cursor_id,omitempty"`
	HasMore      bool            `json:"has_more"`
}

ListRequestsResponse represents the response from listing requests.

type ListRulesFilter 

type ListRulesFilter struct {
	ChainType     string
	SignerAddress string
	APIKeyID      string
	Type          string
	Mode          string
	Enabled       *bool
	Limit         int
	Offset        int
}

ListRulesFilter contains filter options for listing rules.

type ListRulesResponse 

type ListRulesResponse struct {
	Rules []Rule `json:"rules"`
	Total int    `json:"total"`
}

ListRulesResponse represents the response from listing rules.

type ListSignersFilter 

type ListSignersFilter struct {
	Type   string
	Offset int
	Limit  int
}

ListSignersFilter contains filter options for listing signers.

type ListSignersResponse 

type ListSignersResponse struct {
	Signers []Signer `json:"signers"`
	Total   int      `json:"total"`
	HasMore bool     `json:"has_more"`
}

ListSignersResponse represents the response from listing signers.

type ListTemplatesFilter 

type ListTemplatesFilter struct {
	Type    string
	Source  string
	Enabled *bool
	Limit   int
	Offset  int
}

ListTemplatesFilter contains filter options for listing templates.

type ListTemplatesResponse 

type ListTemplatesResponse struct {
	Templates []Template `json:"templates"`
	Total     int        `json:"total"`
}

ListTemplatesResponse represents the response from listing templates.

type MessagePayload 

type MessagePayload struct {
	Message string `json:"message"`
}

MessagePayload represents the payload for EIP-191/personal signing.

type MockClient 

type MockClient struct {

	// Function fields for mocking each method
	HealthFunc             func(ctx context.Context) (*HealthResponse, error)
	SignFunc               func(ctx context.Context, req *SignRequest) (*SignResponse, error)
	SignWithOptionsFunc    func(ctx context.Context, req *SignRequest, waitForApproval bool) (*SignResponse, error)
	GetRequestFunc         func(ctx context.Context, requestID string) (*RequestStatus, error)
	ListRequestsFunc       func(ctx context.Context, filter *ListRequestsFilter) (*ListRequestsResponse, error)
	ApproveSignRequestFunc func(ctx context.Context, requestID string, req *ApproveRequest) (*ApproveResponse, error)
	PreviewRuleFunc        func(ctx context.Context, requestID string, req *PreviewRuleRequest) (*PreviewRuleResponse, error)
	ListRulesFunc          func(ctx context.Context, filter *ListRulesFilter) (*ListRulesResponse, error)
	GetRuleFunc            func(ctx context.Context, ruleID string) (*Rule, error)
	CreateRuleFunc         func(ctx context.Context, req *CreateRuleRequest) (*Rule, error)
	UpdateRuleFunc         func(ctx context.Context, ruleID string, req *UpdateRuleRequest) (*Rule, error)
	DeleteRuleFunc         func(ctx context.Context, ruleID string) error
	ToggleRuleFunc         func(ctx context.Context, ruleID string, enabled bool) (*Rule, error)
	ListAuditRecordsFunc   func(ctx context.Context, filter *ListAuditFilter) (*ListAuditResponse, error)
	ListSignersFunc        func(ctx context.Context, filter *ListSignersFilter) (*ListSignersResponse, error)
	CreateSignerFunc       func(ctx context.Context, req *CreateSignerRequest) (*Signer, error)

	// Template methods
	ListTemplatesFunc       func(ctx context.Context, filter *ListTemplatesFilter) (*ListTemplatesResponse, error)
	GetTemplateFunc         func(ctx context.Context, templateID string) (*Template, error)
	CreateTemplateFunc      func(ctx context.Context, req *CreateTemplateRequest) (*Template, error)
	UpdateTemplateFunc      func(ctx context.Context, templateID string, req *UpdateTemplateRequest) (*Template, error)
	DeleteTemplateFunc      func(ctx context.Context, templateID string) error
	InstantiateTemplateFunc func(ctx context.Context, templateID string, req *InstantiateTemplateRequest) (*InstantiateTemplateResponse, error)
	RevokeInstanceFunc      func(ctx context.Context, ruleID string) (*RevokeInstanceResponse, error)

	// Call tracking
	Calls map[string][]any
	// contains filtered or unexported fields
}

MockClient is a mock implementation of ClientInterface for testing.

func NewMockClient 

func NewMockClient() *MockClient

NewMockClient creates a new mock client with default no-op implementations.

func (*MockClient) ApproveSignRequest 

func (m *MockClient) ApproveSignRequest(ctx context.Context, requestID string, req *ApproveRequest) (*ApproveResponse, error)

ApproveSignRequest implements ClientInterface.

func (*MockClient) CreateRule 

func (m *MockClient) CreateRule(ctx context.Context, req *CreateRuleRequest) (*Rule, error)

CreateRule implements ClientInterface.

func (*MockClient) CreateSigner 

func (m *MockClient) CreateSigner(ctx context.Context, req *CreateSignerRequest) (*Signer, error)

CreateSigner implements ClientInterface.

func (*MockClient) CreateTemplate 

func (m *MockClient) CreateTemplate(ctx context.Context, req *CreateTemplateRequest) (*Template, error)

CreateTemplate implements ClientInterface.

func (*MockClient) DeleteRule 

func (m *MockClient) DeleteRule(ctx context.Context, ruleID string) error

DeleteRule implements ClientInterface.

func (*MockClient) DeleteTemplate 

func (m *MockClient) DeleteTemplate(ctx context.Context, templateID string) error

DeleteTemplate implements ClientInterface.

func (*MockClient) GetCalls 

func (m *MockClient) GetCalls(method string) []any

GetCalls returns the recorded calls for a method.

func (*MockClient) GetRequest 

func (m *MockClient) GetRequest(ctx context.Context, requestID string) (*RequestStatus, error)

GetRequest implements ClientInterface.

func (*MockClient) GetRule 

func (m *MockClient) GetRule(ctx context.Context, ruleID string) (*Rule, error)

GetRule implements ClientInterface.

func (*MockClient) GetTemplate 

func (m *MockClient) GetTemplate(ctx context.Context, templateID string) (*Template, error)

GetTemplate implements ClientInterface.

func (*MockClient) Health 

func (m *MockClient) Health(ctx context.Context) (*HealthResponse, error)

Health implements ClientInterface.

func (*MockClient) InstantiateTemplate 

func (m *MockClient) InstantiateTemplate(ctx context.Context, templateID string, req *InstantiateTemplateRequest) (*InstantiateTemplateResponse, error)

InstantiateTemplate implements ClientInterface.

func (*MockClient) ListAuditRecords 

func (m *MockClient) ListAuditRecords(ctx context.Context, filter *ListAuditFilter) (*ListAuditResponse, error)

ListAuditRecords implements ClientInterface.

func (*MockClient) ListRequests 

func (m *MockClient) ListRequests(ctx context.Context, filter *ListRequestsFilter) (*ListRequestsResponse, error)

ListRequests implements ClientInterface.

func (*MockClient) ListRules 

func (m *MockClient) ListRules(ctx context.Context, filter *ListRulesFilter) (*ListRulesResponse, error)

ListRules implements ClientInterface.

func (*MockClient) ListSigners 

func (m *MockClient) ListSigners(ctx context.Context, filter *ListSignersFilter) (*ListSignersResponse, error)

ListSigners implements ClientInterface.

func (*MockClient) ListTemplates 

func (m *MockClient) ListTemplates(ctx context.Context, filter *ListTemplatesFilter) (*ListTemplatesResponse, error)

ListTemplates implements ClientInterface.

func (*MockClient) PreviewRule 

func (m *MockClient) PreviewRule(ctx context.Context, requestID string, req *PreviewRuleRequest) (*PreviewRuleResponse, error)

PreviewRule implements ClientInterface.

func (*MockClient) ResetCalls 

func (m *MockClient) ResetCalls()

ResetCalls clears all recorded calls.

func (*MockClient) RevokeInstance 

func (m *MockClient) RevokeInstance(ctx context.Context, ruleID string) (*RevokeInstanceResponse, error)

RevokeInstance implements ClientInterface.

func (*MockClient) Sign 

func (m *MockClient) Sign(ctx context.Context, req *SignRequest) (*SignResponse, error)

Sign implements ClientInterface.

func (*MockClient) SignWithOptions 

func (m *MockClient) SignWithOptions(ctx context.Context, req *SignRequest, waitForApproval bool) (*SignResponse, error)

SignWithOptions implements ClientInterface.

func (*MockClient) ToggleRule 

func (m *MockClient) ToggleRule(ctx context.Context, ruleID string, enabled bool) (*Rule, error)

ToggleRule implements ClientInterface.

func (*MockClient) UpdateRule 

func (m *MockClient) UpdateRule(ctx context.Context, ruleID string, req *UpdateRuleRequest) (*Rule, error)

UpdateRule implements ClientInterface.

func (*MockClient) UpdateTemplate 

func (m *MockClient) UpdateTemplate(ctx context.Context, templateID string, req *UpdateTemplateRequest) (*Template, error)

UpdateTemplate implements ClientInterface.

type PreviewRuleRequest 

type PreviewRuleRequest struct {
	RuleType string `json:"rule_type"` // evm_address_list, evm_contract_method, evm_value_limit
	RuleMode string `json:"rule_mode"` // whitelist, blocklist
	RuleName string `json:"rule_name,omitempty"`
	MaxValue string `json:"max_value,omitempty"` // Required for evm_value_limit
}

PreviewRuleRequest represents a request to preview a rule for approval.

type PreviewRuleResponse 

type PreviewRuleResponse struct {
	Rule Rule `json:"rule"`
}

PreviewRuleResponse represents a rule preview for an approval.

type RawMessagePayload 

type RawMessagePayload struct {
	RawMessage []byte `json:"raw_message"`
}

RawMessagePayload represents the payload for raw message signing.

type RemoteSigner 

type RemoteSigner struct {
	// contains filtered or unexported fields
}

RemoteSigner implements ethsig signer interfaces by making remote calls to the signing service. It can be used as a drop-in replacement for local signers.

func (*RemoteSigner) Close 

func (s *RemoteSigner) Close() error

Close is a no-op for RemoteSigner as there's no sensitive local data to clean up.

func (*RemoteSigner) GetAddress 

func (s *RemoteSigner) GetAddress() common.Address

GetAddress returns the signer's address. Implements ethsig.AddressGetter.

func (*RemoteSigner) PersonalSign 

func (s *RemoteSigner) PersonalSign(data string) ([]byte, error)

PersonalSign signs data using personal_sign (EIP-191 0x45). Implements ethsig.PersonalSigner.

func (*RemoteSigner) PersonalSignWithContext 

func (s *RemoteSigner) PersonalSignWithContext(ctx context.Context, data string) ([]byte, error)

PersonalSignWithContext signs data using personal_sign with context.

func (*RemoteSigner) SignEIP191Message 

func (s *RemoteSigner) SignEIP191Message(message string) ([]byte, error)

SignEIP191Message signs an EIP-191 formatted message. Implements ethsig.EIP191Signer.

func (*RemoteSigner) SignEIP191MessageWithContext 

func (s *RemoteSigner) SignEIP191MessageWithContext(ctx context.Context, message string) ([]byte, error)

SignEIP191MessageWithContext signs an EIP-191 formatted message with context.

func (*RemoteSigner) SignHash 

func (s *RemoteSigner) SignHash(hashedData common.Hash) ([]byte, error)

SignHash signs pre-hashed data (32 bytes). Implements ethsig.HashSigner.

func (*RemoteSigner) SignHashWithContext 

func (s *RemoteSigner) SignHashWithContext(ctx context.Context, hashedData common.Hash) ([]byte, error)

SignHashWithContext signs pre-hashed data with context.

func (*RemoteSigner) SignRawMessage 

func (s *RemoteSigner) SignRawMessage(raw []byte) ([]byte, error)

SignRawMessage signs raw message bytes. Implements ethsig.RawMessageSigner.

func (*RemoteSigner) SignRawMessageWithContext 

func (s *RemoteSigner) SignRawMessageWithContext(ctx context.Context, raw []byte) ([]byte, error)

SignRawMessageWithContext signs raw message bytes with context.

func (*RemoteSigner) SignTransactionWithChainID 

func (s *RemoteSigner) SignTransactionWithChainID(tx *types.Transaction, chainID *big.Int) (*types.Transaction, error)

SignTransactionWithChainID signs an Ethereum transaction with explicit chain ID. Implements ethsig.TransactionSigner.

func (*RemoteSigner) SignTransactionWithChainIDAndContext 

func (s *RemoteSigner) SignTransactionWithChainIDAndContext(ctx context.Context, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error)

SignTransactionWithChainIDAndContext signs an Ethereum transaction with context.

func (*RemoteSigner) SignTypedData 

func (s *RemoteSigner) SignTypedData(typedData eip712.TypedData) ([]byte, error)

SignTypedData signs EIP-712 typed data. Implements ethsig.TypedDataSigner.

func (*RemoteSigner) SignTypedDataWithContext 

func (s *RemoteSigner) SignTypedDataWithContext(ctx context.Context, typedData eip712.TypedData) ([]byte, error)

SignTypedDataWithContext signs EIP-712 typed data with context.

type RequestStatus 

type RequestStatus struct {
	ID            string     `json:"id"`
	APIKeyID      string     `json:"api_key_id"`
	ChainType     string     `json:"chain_type"`
	ChainID       string     `json:"chain_id"`
	SignerAddress string     `json:"signer_address"`
	SignType      string     `json:"sign_type"`
	Status        string     `json:"status"`
	Signature     string     `json:"signature,omitempty"`
	SignedData    string     `json:"signed_data,omitempty"`
	ErrorMessage  string     `json:"error_message,omitempty"`
	RuleMatchedID *string    `json:"rule_matched_id,omitempty"`
	ApprovedBy    *string    `json:"approved_by,omitempty"`
	ApprovedAt    *time.Time `json:"approved_at,omitempty"`
	CreatedAt     time.Time  `json:"created_at"`
	UpdatedAt     time.Time  `json:"updated_at"`
	CompletedAt   *time.Time `json:"completed_at,omitempty"`
}

RequestStatus represents the status of a sign request.

type RevokeInstanceResponse 

type RevokeInstanceResponse struct {
	Status string `json:"status"`
	RuleID string `json:"rule_id"`
}

RevokeInstanceResponse represents the response from revoking an instance.

type Rule 

type Rule struct {
	ID            string     `json:"id"`
	Name          string     `json:"name"`
	Description   string     `json:"description,omitempty"`
	Type          string     `json:"type"`
	Mode          string     `json:"mode"`
	Source        string     `json:"source"`
	ChainType     *string    `json:"chain_type,omitempty"`
	ChainID       *string    `json:"chain_id,omitempty"`
	APIKeyID      *string    `json:"api_key_id,omitempty"`
	SignerAddress *string    `json:"signer_address,omitempty"`
	Config        RuleConfig `json:"config,omitempty"`
	Enabled       bool       `json:"enabled"`
	CreatedAt     time.Time  `json:"created_at"`
	UpdatedAt     time.Time  `json:"updated_at"`
	ExpiresAt     *time.Time `json:"expires_at,omitempty"`
	MatchCount    uint64     `json:"match_count"`
	LastMatchedAt *time.Time `json:"last_matched_at,omitempty"`
}

Rule represents an authorization rule.

type RuleConfig 

type RuleConfig json.RawMessage

RuleConfig represents the configuration for a rule. The actual structure depends on the rule type.

func (RuleConfig) MarshalJSON 

func (r RuleConfig) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler.

func (*RuleConfig) UnmarshalJSON 

func (r *RuleConfig) UnmarshalJSON(data []byte) error

UnmarshalJSON implements json.Unmarshaler.

type ScheduleConfig 

type ScheduleConfig struct {
	Period  string     `json:"period"`
	StartAt *time.Time `json:"start_at,omitempty"`
}

ScheduleConfig defines periodic budget renewal.

type SignError 

type SignError struct {
	RequestID string
	Status    string
	Message   string
}

SignError represents an error during the signing process.

func (*SignError) Error 

func (e *SignError) Error() string

Error implements the error interface.

func (*SignError) Is 

func (e *SignError) Is(target error) bool

Is implements errors.Is for SignError.

type SignRequest 

type SignRequest struct {
	ChainID       string          `json:"chain_id"`
	SignerAddress string          `json:"signer_address"`
	SignType      string          `json:"sign_type"`
	Payload       json.RawMessage `json:"payload"`
}

SignRequest represents a signing request to the remote-signer service.

type SignResponse 

type SignResponse struct {
	RequestID   string `json:"request_id"`
	Status      string `json:"status"`
	Signature   string `json:"signature,omitempty"`
	SignedData  string `json:"signed_data,omitempty"`
	Message     string `json:"message,omitempty"`
	RuleMatched string `json:"rule_matched_id,omitempty"`
}

SignResponse represents the response from a signing request.

type Signer 

type Signer struct {
	Address string `json:"address"`
	Type    string `json:"type"`
	Enabled bool   `json:"enabled"`
}

Signer represents a signer configuration.

type Template 

type Template struct {
	ID             string             `json:"id"`
	Name           string             `json:"name"`
	Description    string             `json:"description,omitempty"`
	Type           string             `json:"type"`
	Mode           string             `json:"mode"`
	Source         string             `json:"source"`
	Variables      []TemplateVariable `json:"variables,omitempty"`
	Config         RuleConfig         `json:"config,omitempty"`
	BudgetMetering RuleConfig         `json:"budget_metering,omitempty"`
	Enabled        bool               `json:"enabled"`
	CreatedAt      time.Time          `json:"created_at"`
	UpdatedAt      time.Time          `json:"updated_at"`
}

Template represents a rule template.

type TemplateVariable 

type TemplateVariable struct {
	Name        string `json:"name"`
	Type        string `json:"type"`
	Description string `json:"description,omitempty"`
	Required    bool   `json:"required"`
	Default     string `json:"default,omitempty"`
}

TemplateVariable describes a variable in a rule template.

type Transaction 

type Transaction struct {
	To        *string `json:"to,omitempty"`
	Value     string  `json:"value"`
	Data      string  `json:"data,omitempty"`
	Nonce     *uint64 `json:"nonce,omitempty"`
	Gas       uint64  `json:"gas"`
	GasPrice  string  `json:"gasPrice,omitempty"`  // legacy
	GasTipCap string  `json:"gasTipCap,omitempty"` // EIP-1559
	GasFeeCap string  `json:"gasFeeCap,omitempty"` // EIP-1559
	TxType    string  `json:"txType"`              // "legacy", "eip2930", "eip1559"
}

Transaction represents an Ethereum transaction for signing.

type TransactionPayload 

type TransactionPayload struct {
	Transaction *Transaction `json:"transaction"`
}

TransactionPayload represents the payload for transaction signing.

type TypedData 

type TypedData struct {
	Types       map[string][]TypedDataField `json:"types"`
	PrimaryType string                      `json:"primaryType"`
	Domain      TypedDataDomain             `json:"domain"`
	Message     map[string]interface{}      `json:"message"`
}

TypedData represents EIP-712 typed data structure.

type TypedDataDomain 

type TypedDataDomain struct {
	Name              string `json:"name,omitempty"`
	Version           string `json:"version,omitempty"`
	ChainId           string `json:"chainId,omitempty"`
	VerifyingContract string `json:"verifyingContract,omitempty"`
	Salt              string `json:"salt,omitempty"`
}

TypedDataDomain represents the EIP-712 domain separator.

type TypedDataField 

type TypedDataField struct {
	Name string `json:"name"`
	Type string `json:"type"`
}

TypedDataField represents a field in EIP-712 types.

type TypedDataPayload 

type TypedDataPayload struct {
	TypedData *TypedData `json:"typed_data"`
}

TypedDataPayload represents the payload for EIP-712 typed data signing.

type UpdateRuleRequest 

type UpdateRuleRequest struct {
	Name        string                 `json:"name,omitempty"`
	Description string                 `json:"description,omitempty"`
	Config      map[string]interface{} `json:"config,omitempty"`
	Enabled     bool                   `json:"enabled"`
}

UpdateRuleRequest represents a request to update an existing rule.

type UpdateTemplateRequest 

type UpdateTemplateRequest struct {
	Name        string                 `json:"name,omitempty"`
	Description string                 `json:"description,omitempty"`
	Config      map[string]interface{} `json:"config,omitempty"`
	Enabled     *bool                  `json:"enabled,omitempty"`
}

UpdateTemplateRequest represents a request to update a template.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.